WordPress 4.7.2 Cross-Site Scripting (XSS) via Taxonomy Term Names
Recently, WordPress team is published WordPress version 4.7.3. This version fixed some errors that existed in previous WordPress versions.
On this post, I am going to analysis WordPress 4.7.2 Cross-Site Scripting (XSS) via Taxonomy Term Names vulnerability.
The problem is that this JS code.
Where val is the unfiltered user input, and Patch replaces it with span.html () for entity encoding.
After testing, find Patch in js file loading location:
When it comes to add or modify the label of the page, the user manually enters a tag, dynamically generates a button below the input box for the deletion of the article tag.
Example: Enter a name xss tag button after generation.
Close “span” tag